Skip to main content
Security Posture Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Mobile Software Risk Vector: Core Overview

Ingrid

The Mobile Software Risk Vector looks at a mobile device’s operating system (OS) and browsers and compares them with the latest and currently available OS and browsers to determine if they are supported or out of date. The usage of mobile software is not required to improve an organization's cyber security posture.

  • Risk Category: Diligence
  • Default Grade: N/A; This default grade does not have a negative impact on the rating. It is equivalent to a perfect grade.
  • Current Rating Impact: 1%
  • Finding Lifetime: 65 Days, with a 28-day grace period for remediation.
  • Scan Cadence: This risk vector is not assessed using automated scans. Instead, our internal records are updated weekly based on data received from our partners.
  • Eligible for Dynamic Remediation? No.

Bitsight identifies endpoint data from mobile devices, such as smartphones and tablets within a corporate network, which includes details on device descriptions, operating systems, applications, and browser versions. The Mobile Software risk vector targets end-user systems running on obsolete or unsupported browsers and operating systems, as upgrading to current versions is essential for resolving stability concerns, software bugs, and security vulnerabilities.

Access the list of endpoint OS-browser versions as of Mar 4, 2026 for download.

Recommendations for Managing this Risk Vector

  • Search and identify unsupported mobile software and then update the software to the latest version.
  • Set up auto-update methods for critical mobile software.
  • Insufficient information prevents Bitsight from identifying unsupported software. The use of mobile device management (MDM) systems is recommended, along with integrating human processes that ensures systems in the organization are patched and the software is up-to-date.

How is the Mobile Software Risk Vector graded?

The operating system (OS) and browser are graded independently from one another based on their support status.

When data is insufficient, this risk vector receives a N/A default grade. This occurs if there are no findings or if the device count falls below the required threshold.

Observed Devices Threshold

Thresholds ensure there is a sufficient statistical sample size for any company of any size. They are determined as follows:

  • The number of observed devices is less than 5 (<5), or
  • The number of observed devices is less than 100 (<100) and less than the number of employees divided by 1,000 (<employee_count/1000).

Where can I view my Mobile Software Grades and Findings?

  • SPM App: Findings ➔ Findings Table
  • CM App: Companies List ➔ Vendor Risk ➔ Findings
  • Insurance App: Companies List ➔  Client Risk ➔ Findings
  • API: GET/v1/companies/company_guid/findings?risk_vector=mobile_software
  • July 21, 2025: OS & browsers list 19-JUL-2025 version.
  • July 15, 2025: OS & browsers list 10-JUL-2025 version.
  • July 8, 2025: OS & browsers list 03-JUL-2025 version.
Was this article helpful?
10 out of 13 found this helpful
Return to top

Related articles

Feedback

0 comments

Please sign in to leave a comment.